1*2139Sjp161948 /* v3_pmaps.c */
2*2139Sjp161948 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3*2139Sjp161948  * project.
4*2139Sjp161948  */
5*2139Sjp161948 /* ====================================================================
6*2139Sjp161948  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
7*2139Sjp161948  *
8*2139Sjp161948  * Redistribution and use in source and binary forms, with or without
9*2139Sjp161948  * modification, are permitted provided that the following conditions
10*2139Sjp161948  * are met:
11*2139Sjp161948  *
12*2139Sjp161948  * 1. Redistributions of source code must retain the above copyright
13*2139Sjp161948  *    notice, this list of conditions and the following disclaimer.
14*2139Sjp161948  *
15*2139Sjp161948  * 2. Redistributions in binary form must reproduce the above copyright
16*2139Sjp161948  *    notice, this list of conditions and the following disclaimer in
17*2139Sjp161948  *    the documentation and/or other materials provided with the
18*2139Sjp161948  *    distribution.
19*2139Sjp161948  *
20*2139Sjp161948  * 3. All advertising materials mentioning features or use of this
21*2139Sjp161948  *    software must display the following acknowledgment:
22*2139Sjp161948  *    "This product includes software developed by the OpenSSL Project
23*2139Sjp161948  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24*2139Sjp161948  *
25*2139Sjp161948  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26*2139Sjp161948  *    endorse or promote products derived from this software without
27*2139Sjp161948  *    prior written permission. For written permission, please contact
28*2139Sjp161948  *    licensing@OpenSSL.org.
29*2139Sjp161948  *
30*2139Sjp161948  * 5. Products derived from this software may not be called "OpenSSL"
31*2139Sjp161948  *    nor may "OpenSSL" appear in their names without prior written
32*2139Sjp161948  *    permission of the OpenSSL Project.
33*2139Sjp161948  *
34*2139Sjp161948  * 6. Redistributions of any form whatsoever must retain the following
35*2139Sjp161948  *    acknowledgment:
36*2139Sjp161948  *    "This product includes software developed by the OpenSSL Project
37*2139Sjp161948  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38*2139Sjp161948  *
39*2139Sjp161948  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40*2139Sjp161948  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41*2139Sjp161948  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42*2139Sjp161948  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43*2139Sjp161948  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44*2139Sjp161948  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45*2139Sjp161948  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46*2139Sjp161948  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47*2139Sjp161948  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48*2139Sjp161948  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49*2139Sjp161948  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50*2139Sjp161948  * OF THE POSSIBILITY OF SUCH DAMAGE.
51*2139Sjp161948  * ====================================================================
52*2139Sjp161948  *
53*2139Sjp161948  * This product includes cryptographic software written by Eric Young
54*2139Sjp161948  * (eay@cryptsoft.com).  This product includes software written by Tim
55*2139Sjp161948  * Hudson (tjh@cryptsoft.com).
56*2139Sjp161948  *
57*2139Sjp161948  */
58*2139Sjp161948 
59*2139Sjp161948 
60*2139Sjp161948 #include <stdio.h>
61*2139Sjp161948 #include "cryptlib.h"
62*2139Sjp161948 #include <openssl/asn1t.h>
63*2139Sjp161948 #include <openssl/conf.h>
64*2139Sjp161948 #include <openssl/x509v3.h>
65*2139Sjp161948 
/*
 * Forward declarations of the two conversion callbacks that are registered
 * in v3_policy_mappings below: v2i builds the internal structure from
 * configuration name/value pairs, i2v renders it back as name/value pairs.
 */
static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
		STACK_OF(CONF_VALUE) *nval);
static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
		void *pmps, STACK_OF(CONF_VALUE) *extlist);
70*2139Sjp161948 
/*
 * Extension method table for the policyMappings extension
 * (NID_policy_mappings).  Encoding and decoding are driven by the
 * POLICY_MAPPINGS ASN.1 item; only the multi-valued i2v/v2i callbacks are
 * supplied, every other conversion slot is left empty.
 */
X509V3_EXT_METHOD v3_policy_mappings = {
	NID_policy_mappings,		/* ext_nid */
	0,				/* ext_flags */
	ASN1_ITEM_ref(POLICY_MAPPINGS),	/* it */
	NULL,				/* ext_new */
	NULL,				/* ext_free */
	NULL,				/* d2i */
	NULL,				/* i2d */
	NULL,				/* i2s */
	NULL,				/* s2i */
	i2v_POLICY_MAPPINGS,		/* i2v */
	v2i_POLICY_MAPPINGS,		/* v2i */
	NULL,				/* i2r */
	NULL,				/* r2i */
	NULL				/* usr_data */
};
81*2139Sjp161948 
/*
 * ASN.1 template for a single policy mapping: a SEQUENCE holding two
 * ASN1_OBJECT fields, issuerDomainPolicy followed by subjectDomainPolicy.
 */
ASN1_SEQUENCE(POLICY_MAPPING) = {
	ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT),
	ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT)
} ASN1_SEQUENCE_END(POLICY_MAPPING)
86*2139Sjp161948 
/*
 * ASN.1 item for the extension value as a whole: a SEQUENCE OF
 * POLICY_MAPPING (ASN1_TFLG_SEQUENCE_OF).  This is the item referenced by
 * v3_policy_mappings.
 */
ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) =
	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS,
								POLICY_MAPPING)
ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
91*2139Sjp161948 
/*
 * Generates the allocator pair for a single mapping, POLICY_MAPPING_new()
 * and POLICY_MAPPING_free(), both used by v2i_POLICY_MAPPINGS() in this file.
 */
IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
93*2139Sjp161948 
94*2139Sjp161948 
/*
 * Render a POLICY_MAPPINGS stack as name/value pairs.
 *
 * For every mapping in `a` one CONF_VALUE is appended to ext_list, with the
 * text form of issuerDomainPolicy as the name and the text form of
 * subjectDomainPolicy as the value.  The (possibly updated) ext_list is
 * returned; `method` is not used.
 *
 * NOTE(review): each policy is formatted into a fixed 80-byte buffer, so a
 * textual form that does not fit is presumably truncated by
 * i2t_ASN1_OBJECT() and the output should not be treated as an exact OID.
 * NOTE(review): the return value of X509V3_add_value() is not checked; if it
 * fails, that mapping is missing from the result without any indication to
 * the caller.
 */
static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
		void *a, STACK_OF(CONF_VALUE) *ext_list)
{
	POLICY_MAPPINGS *mappings = a;
	POLICY_MAPPING *entry;
	char issuer_txt[80];
	char subject_txt[80];
	int idx = 0;

	while (idx < sk_POLICY_MAPPING_num(mappings)) {
		entry = sk_POLICY_MAPPING_value(mappings, idx);

		/* Buffer sizes are taken from the arrays themselves. */
		i2t_ASN1_OBJECT(issuer_txt, (int)sizeof(issuer_txt),
				entry->issuerDomainPolicy);
		i2t_ASN1_OBJECT(subject_txt, (int)sizeof(subject_txt),
				entry->subjectDomainPolicy);

		X509V3_add_value(issuer_txt, subject_txt, &ext_list);
		idx++;
	}

	return ext_list;
}
111*2139Sjp161948 
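/*
 * Build a POLICY_MAPPINGS stack from configuration name/value pairs.
 *
 * Each CONF_VALUE in nval supplies one mapping: val->name is converted to
 * the issuerDomainPolicy and val->value to the subjectDomainPolicy, both
 * with OBJ_txt2obj(..., 0).  `method` and `ctx` are not used.
 *
 * Returns the newly allocated stack, which the caller owns, or NULL after
 * queuing an X509V3 error.  Every failure path goes through the single
 * `err` label so that nothing allocated here is left behind: objects that
 * were parsed but not yet attached to a mapping, a mapping that could not
 * be pushed, and the partially built stack are all released.
 *
 * NOTE(review): no check is made that either side of a mapping differs
 * from anyPolicy, although RFC 5280 section 4.2.1.5 forbids mapping to or
 * from it; confirm whether the consumers of this extension enforce that.
 */
static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
	POLICY_MAPPINGS *pmaps;
	POLICY_MAPPING *pmap;
	ASN1_OBJECT *obj1 = NULL, *obj2 = NULL;
	CONF_VALUE *val;
	int i;

	if(!(pmaps = sk_POLICY_MAPPING_new_null())) {
		X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE);
		return NULL;
	}

	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
		val = sk_CONF_VALUE_value(nval, i);
		if(!val->value || !val->name) {
			X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER);
			X509V3_conf_err(val);
			goto err;
		}
		obj1 = OBJ_txt2obj(val->name, 0);
		obj2 = OBJ_txt2obj(val->value, 0);
		if(!obj1 || !obj2) {
			/* One of the two may have parsed; err frees it. */
			X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER);
			X509V3_conf_err(val);
			goto err;
		}
		pmap = POLICY_MAPPING_new();
		if (!pmap) {
			X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE);
			goto err;
		}
		/* Ownership of both objects moves to pmap from here on. */
		pmap->issuerDomainPolicy = obj1;
		pmap->subjectDomainPolicy = obj2;
		obj1 = obj2 = NULL;
		if(!sk_POLICY_MAPPING_push(pmaps, pmap)) {
			/* Not on the stack, so pop_free below will not see it. */
			POLICY_MAPPING_free(pmap);
			X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE);
			goto err;
		}
	}
	return pmaps;

err:
	/* ASN1_OBJECT_free() accepts NULL, so no guards are needed here. */
	ASN1_OBJECT_free(obj1);
	ASN1_OBJECT_free(obj2);
	sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
	return NULL;
}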